Many different types of computing systems have attained widespread use around the world. These computing systems include personal computers, servers, mainframes and a wide variety of stand-alone and embedded computing devices. Sprawling client-server systems exist, with applications and information spread across many PC networks, mainframes and minicomputers. In a distributed system connected by networks, a user may access many application programs, databases, network systems, operating systems and mainframe applications. Computers provide individuals and businesses with a host of software applications including word processing, spreadsheet, and accounting. Further, networks enable high speed communication between people in diverse locations by way of e-mail, websites, instant messaging, and web-conferencing.
A common architecture for high performance, single-chip microprocessors is the reduced instruction set computer (RISC) architecture characterized by a small simplified set of frequently used instructions for rapid execution. Thus, in a RISC architecture, a complex instruction comprises a small set of simple instructions that are executed in steps very rapidly. These steps are performed in execution units adapted to execute specific simple instructions. In a superscalar architecture, these execution units typically comprise load/store units, integer Arithmetic/Logic Units, floating point Arithmetic/Logic Units, and Graphical Logic Units that operate in parallel. In a processor architecture, an operating system controls operation of the processor and components peripheral to the processor. Executable application programs are stored in a computer's hard drive. The computer's processor causes application programs to run in response to user inputs.
Thus, in a modern system, a plurality of computers—including servers—are connected together through a network. Each computer may run application programs for performing certain functions. These application programs may include word-processing, e-mail, graphics, document viewing and mark-up, spreadsheet, database, music player, internet explorer, photo-shop, games, anti-virus, as well as a host of other application programs too numerous to mention. Many application programs perform encryption and/or decryption of program data. For example, an email sender may encrypt an email before sending it out to the recipient A recipient of the encrypted email will need to decrypt the received encrypted email from the sender. In another application, a sender may digitally sign a document before sending it. The operation of digital signing involves encryption. The digital signature can be verified by encryption also. Other examples of the use of encryption by application programs abound.
To perform encryption and/or decryption, the application program must have a key and must follow a known algorithm for performing the encryption/decryption using the key. Thus, an application program may deal with sensitive data calling for encryption. For example, an application program may encrypt a file. The encrypted file prevents one without a key from reading the file. The data in the file may also be signed. When data is signed it cannot be modified without detection.
With the advent of the internet and wide spread use of computers, more and more commercial transactions occur electronically. To facilitate this “e-commerce,” computing networks employ encryption and digital signatures. Encryption enables a user to conceal messages transmitted over a network. Decryption enables recovery of the original message from its encrypted counterpart. Digital signatures enable the user to sign documents electronically. Forming a digital signature involves encryption in a public key cryptography system. The system employs an algorithm using two different but mathematically related “keys;” one for creating a digital signature and another for verifying a digital signature. Computer equipment and software utilizing two such keys are often collectively termed an “asymmetric cryptosystem.”
The complementary keys of an asymmetric cryptosystem for digital signatures are termed the private key and the public key. The signer uses the private key to create the digital signature. Ideally, only the signer can access his private key. The public key is ordinarily more widely known. A party to rely on the signature uses the public key to verify the digital signature. Although the keys of the pair are mathematically related, it is computationally infeasible to derive the private key from the public key. Thus, although many people may know the public key of a given signer and can use it to verify that signer's signature, they cannot access the signer's private key to forge the signer's digital signature. This is the principle of “irreversibility.”
A fundamental process to create and verify digital signatures is a “hash function.” A hash function is an algorithm that creates a digital representation or “fingerprint” in the form of a “hash result.” The hash result is usually much smaller than the message but is, nevertheless, substantially unique to it. This hash result is encrypted using the signer's private key to create the digital signature. Any change to the message invariably produces a different hash result when the same hash function is used. For a secure hash function, it is computationally infeasible to derive the original message from its hash value. Hash functions therefore enable the software for creating digital signatures to operate on smaller and predictable amounts of data, while still providing robust evidentiary correlation to the original message content.
To sign a document or any other item of information, the signer first delimits precisely the borders of what is to be signed. The delimited information to be signed is termed the “message.” Then a hash function in the signer's software computes a hash result unique (for all practical purposes) to the message. The signer's software then encrypts the hash result into a digital signature using the signer's private key. The resulting digital signature is thus unique to both the message and the private key used to create it.
When a signer sends a signed message, the unsigned message is also sent. The recipient verifies the signature by using the user's public key to decrypt the encrypted hash. The recipient also hashes the unsigned message. The two hash results are then compared. The signature is verified only if the two hash results are the same. The equality of the hash results means that the message signed by the sender is the one received by the recipient. Then, the sender cannot repudiate that he signed the message received and verified by the recipient. The verifier of a digital signature must have assurance that the signature was made by a particular person. This assurance arises from a trusted third party that issues a certificate that certifies that signatures that can be verified using the public key specified in the certificate belong to the party identified in the certificate.
Thus, many application programs must have keys to encrypt and sign documents, files, and blocks of data. Methods for managing and generating such keys are needed.